Monday, July 25. 2005
DRM in Hi-Def
If you own a high definition (HD) television, you might sometimes wonder why you spent so much money on it since almost no content is available that can showcase the television’s capabilities. You might also wonder when you are going to be able to buy or rent high definition movies on DVD. I can’t answer your doubts about spending money on the new technology, but I can tell you when and how you will get your high definition content.
Almost all new television series are being recorded in high definition, and in most US markets the major networks are broadcasting in high definition. So at present you can watch some television series and most sporting events in hi-def. The real availability for hi-def content will not be for at least another five months, until fourth quarter 2005 or first quarter 2006. These are the launch dates for both of the new high definition disc formats, HD-DVD and Blu-Ray.
This site is not a forum to discuss which technology is better, so we are going to focus on the software behind the hardware. However, I will give a quick take on the technologies for background. On paper Blu-Ray appears to me to be a more advanced standard with higher storage capacity and more software options, but it also appears to be more expensive to build. The first of the two formats to hit the market appears to be HD-DVD. These players should be on the market sometime this year with less than one hundred movies available at launch. Firm prices have not yet been set for the players or the movies, but expect player prices to be over $500US and movies to be in the $30US price range. The Blu-Ray players will be out sometime in early 2006 with about equal movie support. It is possible that the first Blu-Ray player to reach the mass market will be the Sony Playstation 3 gaming console. Most computer makers are very happy to see higher capacity discs appearing, so expect to see computer drives for both formats start showing up soon after the stand-alone players show up.
With the hardware talk out of the way, let’s compare the software and digital rights management that will be included in these HD players. The video encoding software that has been adopted by both standards is known as VC-1 which was developed by Microsoft. Microsoft has now turned over licensing of this standard to MPEG LA which is the same licensing board that handles all licensing for MPEG video systems. This means that even though Microsoft will get paid for every new hi-def player, they will not have the ability to charge more to some clients than others as they do with their personal computer software.
Both systems use new sophisticated DRM schemes. In the case of HD-DVD, the DRM scheme is known as Advanced Access Content System (AACS). Blu-Ray has not officially announced which DRM scheme it will use, but recent reports indicate that they too may use AACS. The exact internals between the two systems will vary some but I will try to explain the basics of how the system works. Keep in mind that this explanation is very simplified.
The first thing to understand is that AACS will use a system of encryptions and keys. Content can be encrypted so that it will work with one or more keys. This approach is already used to encrypt email, so it makes an easy example. Imagine that you want to encrypt an email and send it to me. I would provide you with my public key. You would give this public key to your email client and associate it with my email address. Now anytime you send me an email it will be encrypted in such a way that only my private key can decrypt it. If you wanted to send the same email to two people, your email client would encrypt the message in such a way that both people’s private keys could decrypt it.
In the same way, the new HD discs can be encrypted using one or more keys. Every device will have a unique private key similar to the email clients described previously. Or in some cases, the manufacturers may choose to assign one key to multiple devices. In order to get the content off of the disk, a person would have to have one of these keys. If a person is able to extract this key from the device’s firmware, then they would be able to copy the new disc to a computer, make backups, pirate it, etc.
The next thing to understand is the concept of a binary tree. A binary tree is a type of data structure used in computer science where there is a base node that expands by two branches at each level. Each branch is referred to as either left or right and each branch has at its end either a node or a leaf. A node will have branches extending out of it to the next level while a leaf does not have any branches extending from it. Leaves are the last level of the tree.
I explain the tree structure because it will be the data structure used to store all of these device keys. While this may not seem logical, consider how many keys can be stored in a relatively small tree. There is one key in the first level, two keys in the second level, four keys in the third level and so forth. The number of nodes (keys) at a particular level is equal to 2(n-1) where n is the level number in the tree. So a tree with only 17 levels would have 216 or 65,536 keys on the bottom most level. The number can grow quickly with 2,147,483,648 at level 32 of the tree.
What does storing all of these keys in a tree have to do with DRM? Well, this is where the really insidious part of this scheme begins to show. The AACS specification calls for every device to have network connectivity. That’s right, your hi-def DVD player is going to be connected to the network and will have the ability to call home and receive updates. What kind of updates? Key revocation notices, of course. If a device key gets cracked and posted to the internet, then the DVD makers can encrypt all new discs so that they cannot work with that key. Now is where the tree comes into play. Since every key is a sub-key of the node to which it is attached, entire groups of keys can be disabled by disabling a key higher in the tree than where your key is located.
Let’s say that your device has a key that is in level 30 of the tree. Now let’s say that I have a key at level 32 and I publish my key to the internet so that people can decode DVDs on player without a key, such as a Linux computer. The DVD makers will go to some level above me, say level 20, and disable that key. Any node (key) that is a child of the disabled key will no longer work. The device will have to call home to get new keys to continue to work. In this example with thirty two levels, if the cutoff is done at level 20 then 8191 devices (keys) would stop working until they phoned home.
At this point you must have realized that this revocation process only works if the DVD makers can identify the key that is cracked. If a hacker cracks his device but does not publish his key then the DVD makers will never know it was cracked. This hacker can then begin putting unencrypted movies on P2P networks then the DVD makers are powerless to stop this. In this regard, this DRM scheme fails to stop piracy just like every other DRM scheme on the market. Pirates that operate for profit will not be affected by this new DRM because they will either publish nonencrypted DVDs or will make a bit-by-bit copy of the original disc. Casual pirates will simply circulate stripped copies without the DRM.
So why put this much work into something that does not prevent piracy? Money and power. With current DVD’s, if I want to go into business building DVD players, all I have to do is pay my yearly encryption license fee and start building the DVD players. The movie industry has no control over how I build my devices. I can let my devices ignore region encoding, not use MacroVision, and generally allow the user to do whatever he wants. Even if I stop paying my yearly license fee, the movie industry has little recourse against me. However, this is not so with the new generation of devices.
If a device maker does not build their devices to suit the movie industry or if the device maker stops paying their licensing fee, then all the movie industry has to do is revoke their key. The problem is that if you happen to be one of the poor people that bought a hi-def DVD player from one of these disreputable companies then your player will most likely never work again.
It seems to me that this particular DRM scheme can only serve to punish innocent consumers. The exact companies that the movie industry is worried about are the ones that generally make the lower-end, lower-priced players. An example is Apex DVD players which have a flashable ROM so that a person could turn off any of the protection schemes that were built into the player. Instead of stopping piracy and file sharing, this new scheme only serves to boost profits for the movie industry and the electronics industry by keeping prices artificially high and reducing competition. It is reprehensible when companies wave the anti-piracy banner and use DRM to merely veil engorged profits and artificial price inflation. As a side note, such tactics are perfectly legal because the DMCA prevents any circumvention of DRM schemes.
Expect next generation high definition players to cost $500US or more. Also expect the prices to stay at this lofty price for a long time. It is up to you and me as consumers to send a message to the movie industry that we are not willing to accept this sort of lunacy. With all of this said, it is my fear that like many other things in today’s society, this will become commonplace because people do not understand the technology or because people are too apathetic to do anything about it.
Author: Jimmy Palmer
Almost all new television series are being recorded in high definition, and in most US markets the major networks are broadcasting in high definition. So at present you can watch some television series and most sporting events in hi-def. The real availability for hi-def content will not be for at least another five months, until fourth quarter 2005 or first quarter 2006. These are the launch dates for both of the new high definition disc formats, HD-DVD and Blu-Ray.
This site is not a forum to discuss which technology is better, so we are going to focus on the software behind the hardware. However, I will give a quick take on the technologies for background. On paper Blu-Ray appears to me to be a more advanced standard with higher storage capacity and more software options, but it also appears to be more expensive to build. The first of the two formats to hit the market appears to be HD-DVD. These players should be on the market sometime this year with less than one hundred movies available at launch. Firm prices have not yet been set for the players or the movies, but expect player prices to be over $500US and movies to be in the $30US price range. The Blu-Ray players will be out sometime in early 2006 with about equal movie support. It is possible that the first Blu-Ray player to reach the mass market will be the Sony Playstation 3 gaming console. Most computer makers are very happy to see higher capacity discs appearing, so expect to see computer drives for both formats start showing up soon after the stand-alone players show up.
With the hardware talk out of the way, let’s compare the software and digital rights management that will be included in these HD players. The video encoding software that has been adopted by both standards is known as VC-1 which was developed by Microsoft. Microsoft has now turned over licensing of this standard to MPEG LA which is the same licensing board that handles all licensing for MPEG video systems. This means that even though Microsoft will get paid for every new hi-def player, they will not have the ability to charge more to some clients than others as they do with their personal computer software.
Both systems use new sophisticated DRM schemes. In the case of HD-DVD, the DRM scheme is known as Advanced Access Content System (AACS). Blu-Ray has not officially announced which DRM scheme it will use, but recent reports indicate that they too may use AACS. The exact internals between the two systems will vary some but I will try to explain the basics of how the system works. Keep in mind that this explanation is very simplified.
The first thing to understand is that AACS will use a system of encryptions and keys. Content can be encrypted so that it will work with one or more keys. This approach is already used to encrypt email, so it makes an easy example. Imagine that you want to encrypt an email and send it to me. I would provide you with my public key. You would give this public key to your email client and associate it with my email address. Now anytime you send me an email it will be encrypted in such a way that only my private key can decrypt it. If you wanted to send the same email to two people, your email client would encrypt the message in such a way that both people’s private keys could decrypt it.
In the same way, the new HD discs can be encrypted using one or more keys. Every device will have a unique private key similar to the email clients described previously. Or in some cases, the manufacturers may choose to assign one key to multiple devices. In order to get the content off of the disk, a person would have to have one of these keys. If a person is able to extract this key from the device’s firmware, then they would be able to copy the new disc to a computer, make backups, pirate it, etc.
The next thing to understand is the concept of a binary tree. A binary tree is a type of data structure used in computer science where there is a base node that expands by two branches at each level. Each branch is referred to as either left or right and each branch has at its end either a node or a leaf. A node will have branches extending out of it to the next level while a leaf does not have any branches extending from it. Leaves are the last level of the tree.
I explain the tree structure because it will be the data structure used to store all of these device keys. While this may not seem logical, consider how many keys can be stored in a relatively small tree. There is one key in the first level, two keys in the second level, four keys in the third level and so forth. The number of nodes (keys) at a particular level is equal to 2(n-1) where n is the level number in the tree. So a tree with only 17 levels would have 216 or 65,536 keys on the bottom most level. The number can grow quickly with 2,147,483,648 at level 32 of the tree.
What does storing all of these keys in a tree have to do with DRM? Well, this is where the really insidious part of this scheme begins to show. The AACS specification calls for every device to have network connectivity. That’s right, your hi-def DVD player is going to be connected to the network and will have the ability to call home and receive updates. What kind of updates? Key revocation notices, of course. If a device key gets cracked and posted to the internet, then the DVD makers can encrypt all new discs so that they cannot work with that key. Now is where the tree comes into play. Since every key is a sub-key of the node to which it is attached, entire groups of keys can be disabled by disabling a key higher in the tree than where your key is located.
Let’s say that your device has a key that is in level 30 of the tree. Now let’s say that I have a key at level 32 and I publish my key to the internet so that people can decode DVDs on player without a key, such as a Linux computer. The DVD makers will go to some level above me, say level 20, and disable that key. Any node (key) that is a child of the disabled key will no longer work. The device will have to call home to get new keys to continue to work. In this example with thirty two levels, if the cutoff is done at level 20 then 8191 devices (keys) would stop working until they phoned home.
At this point you must have realized that this revocation process only works if the DVD makers can identify the key that is cracked. If a hacker cracks his device but does not publish his key then the DVD makers will never know it was cracked. This hacker can then begin putting unencrypted movies on P2P networks then the DVD makers are powerless to stop this. In this regard, this DRM scheme fails to stop piracy just like every other DRM scheme on the market. Pirates that operate for profit will not be affected by this new DRM because they will either publish nonencrypted DVDs or will make a bit-by-bit copy of the original disc. Casual pirates will simply circulate stripped copies without the DRM.
So why put this much work into something that does not prevent piracy? Money and power. With current DVD’s, if I want to go into business building DVD players, all I have to do is pay my yearly encryption license fee and start building the DVD players. The movie industry has no control over how I build my devices. I can let my devices ignore region encoding, not use MacroVision, and generally allow the user to do whatever he wants. Even if I stop paying my yearly license fee, the movie industry has little recourse against me. However, this is not so with the new generation of devices.
If a device maker does not build their devices to suit the movie industry or if the device maker stops paying their licensing fee, then all the movie industry has to do is revoke their key. The problem is that if you happen to be one of the poor people that bought a hi-def DVD player from one of these disreputable companies then your player will most likely never work again.
It seems to me that this particular DRM scheme can only serve to punish innocent consumers. The exact companies that the movie industry is worried about are the ones that generally make the lower-end, lower-priced players. An example is Apex DVD players which have a flashable ROM so that a person could turn off any of the protection schemes that were built into the player. Instead of stopping piracy and file sharing, this new scheme only serves to boost profits for the movie industry and the electronics industry by keeping prices artificially high and reducing competition. It is reprehensible when companies wave the anti-piracy banner and use DRM to merely veil engorged profits and artificial price inflation. As a side note, such tactics are perfectly legal because the DMCA prevents any circumvention of DRM schemes.
Expect next generation high definition players to cost $500US or more. Also expect the prices to stay at this lofty price for a long time. It is up to you and me as consumers to send a message to the movie industry that we are not willing to accept this sort of lunacy. With all of this said, it is my fear that like many other things in today’s society, this will become commonplace because people do not understand the technology or because people are too apathetic to do anything about it.
Author: Jimmy Palmer
Monday, June 27. 2005
DRM-related Effects of the Grokster Ruling
It's an all-you-can-eat Grokster ruling news fest right now. Many traditional media venues, law and news blogs, and IP-related sites have minute-by-minute updates of responses to the case. I'm thankful that news of the decision didn't get completely buried under some of the other socially-sensitive rulings that were released today. I'm jumping in the fray to talk about potential DRM-related aspects of the case.
The Court ruled that Grokster could be held accountable for the illegal trading of files via its software and remanded the case to the 9th Circuit Court for a new ruling. The Supreme Court couldn't agree on how to use the previous 1984 Sony Betamax ruling (which the Movie Studios were hoping to have overturned or greatly limited by this ruling) so multiple concurring decisions were written by the Justices.
Most legal experts have stated that the Court didn't want to stifle further technological development; therefore the Justice Souter, who wrote the opinion of the Court, made a distinction between the technology and the business model of the company who created the technology. If the company explicitly targets their software as a method of breaking the law and profits from that illegal use (i.e. by increased traffic and advertising via the software), then the company is liable for that illegal use.
Although I haven't heard the words "digital rights management" yet, there was one part of the ruling that seems to encourage companies to use DRM in order to exonerate themselves from allegations of contributory infringement. The Court pointed out that Grokster designed and marketed Morpheus to specifically attract illegal file sharing. Moreover, it did nothing to filter illegal files or users who distributed or acquired illegal files through its software. From Justice Souter's Court Opinion,
Manually banning user accounts and illegal files is prohibitively time consuming. On all but the smallest of scales, it is not a feasible method for monitoring illegal activity on a network or software system. Thus, to protect a company from contributory infringement liability, the only remaining approach is to introduce some sort of DRM to limit illegal use. The wording in the Grokster decision may give content owners room to argue that companies whose products don't contain DRM are not doing enough to hinder or discourage infringement and are thus liable.
Author: Ginger Cox
The Court ruled that Grokster could be held accountable for the illegal trading of files via its software and remanded the case to the 9th Circuit Court for a new ruling. The Supreme Court couldn't agree on how to use the previous 1984 Sony Betamax ruling (which the Movie Studios were hoping to have overturned or greatly limited by this ruling) so multiple concurring decisions were written by the Justices.
Most legal experts have stated that the Court didn't want to stifle further technological development; therefore the Justice Souter, who wrote the opinion of the Court, made a distinction between the technology and the business model of the company who created the technology. If the company explicitly targets their software as a method of breaking the law and profits from that illegal use (i.e. by increased traffic and advertising via the software), then the company is liable for that illegal use.
Although I haven't heard the words "digital rights management" yet, there was one part of the ruling that seems to encourage companies to use DRM in order to exonerate themselves from allegations of contributory infringement. The Court pointed out that Grokster designed and marketed Morpheus to specifically attract illegal file sharing. Moreover, it did nothing to filter illegal files or users who distributed or acquired illegal files through its software. From Justice Souter's Court Opinion,
Finally, there is no evidence that either company made an effort to filter copyrighted material from users’ downloads or otherwise impede the sharing of copyrighted files. Although Grokster appears to have sent e-mails warning users about infringing content when it received threatening notice from the copyright holders, it never blocked anyone from continuing to use its software to share copyrighted files. Id., at 75–76. StreamCast not only rejected another company’s offer of help to monitor infringement, id., at 928–929, but blocked the Internet Protocol addresses of entities it believed were trying to engage in such monitoring on its networks, id., at 917–-922.Although the main component of this proof was that Grokster intended Morpheus for illegal file sharing, the addition of this evidence means that companies may be held liable if they don't actively try to discourage the infringing behavior. Apparently making users aware that such activity is illegal is not enough. Companies whose products can be used illegally must take action to remove either the users, the illegal content, or the mechanisms that make that illegal activity possible. Souter didn't mention the technology specifically, however, such language in the ruling can potentially give digital rights management more legal legitimacy.
Manually banning user accounts and illegal files is prohibitively time consuming. On all but the smallest of scales, it is not a feasible method for monitoring illegal activity on a network or software system. Thus, to protect a company from contributory infringement liability, the only remaining approach is to introduce some sort of DRM to limit illegal use. The wording in the Grokster decision may give content owners room to argue that companies whose products don't contain DRM are not doing enough to hinder or discourage infringement and are thus liable.
Author: Ginger Cox
Friday, June 17. 2005
Technology Paradigm Wars
Do you feel shackled to old technology just so that the music middle men can maintain their inflated profit margin? Well, you should now.
Released just three days ago by RCA, the new Foo Fighters CD contains DRM that supposedly prevents the CD from being loaded and ripped via iTunes. Customers are already complaining that their legally purchased music isn't worth the money they paid for it because they can only listen to it in CD players.
Many people would argue that there's no difference between this type of on-CD DRM and the DRM wrapped around files bought from download services. They both limit the devices the music can be played on as well as locking you in to a particular form of hardware. However, the defining difference is one of paradigm. By tying the customer's rights and access to a physical item, CDs and their accompanying DRM put a barrier between the customer and what s/he actually payed for: access to the data on the CD. We've discussed in previous posts the oddly blurred line that CDs walk between granting a license to listen to the music on the CD yet making no guarantee to continue that license once the physical copy is lost or destroyed. The DRM on downloaded music actually extends the user's license to make back-ups and access that music on more than just one technology, i.e. computers, mp3 players as well as CD players. Although I still consider it inadequate in terms of fair use, consumer rights, and proprietary interoperability, the DRM on downloaded files is preferable to one that steadfastly refuses to acknowledge the customer's desire to adapt the music to new technology.
MP3 players, while not yet adopted by the majority of music lovers, are quickly becoming the prevailing technology. However, the music middle men including the record companies and the RIAA don't make nearly as much money through selling songs through download services as much as they do for standard retail CDs. So to keep their profits up, buying a little digital rights management and slapping it on the CD is a good investment. It keeps customers tied to CD players where for every copy of a song there's a clunky piece of hardware and disc to keep up with.
One of the best reads on the subject of the RIAA's hatred of mp3's is an article by Orson Scott Card titled "MP3's are Not the Devil". He explains how the music business has reaped the windfall profits that came with new technology, until now. From the record to the eight track to the cassette tape and finally to the company disc, the record companies and their henchmen have made billions of dollars as you buy the same titles you already own in the new, higher quality technology.
All this ended with the mp3 player. Even though most downloaded songs aren't even in the form of mp3s anymore, the concept is still the same: individual files downloaded separately. Even though most music is still sold in the form of albums, more and more people are switching to portable music players. Customers are choosing to download only certain titles from an artist's work rather than whole albums. Perhaps they were burned by buying a $16 CD by an artist whose song they really liked and realized that the rest of the album was just similar-sounding fluff. With each customer who chooses to download from iTunes or even subscribe to monthly services like Napster, the record companies lose their ability to sell you a CD with only two songs you like for the price of fifteen.
Even though Apple was able to finally persuade the music companies to let their music be sold by download, they still don't like it. The new Foo Fighters CD is just one more example of how record companies are still trying to subvert the new technology. They don't realize that the paradigm of delivering media on an object is dying, albeit slowly, and that their stalling methods are just pushing people to download their music directly. The download companies at least acknowledge that the customers are going to want to listen to their music on portable devices as well as stand alone CD players and thus tailor their DRM to accommodate it.
According to a few comments I've read (I can't confirm this), the old trick of holding down the shift key to disable autorun could bypass the built-in digital rights management. But the best approach is choosing not to buy CD at all. Don't give them your money for an inferior product with limited use. Wait until the songs are available for download legally from an online vendor. Shop around and find one with the least restrictive DRM or without DRM altogether. It may not seem like it, but it's worth the short-term sacrifice to encourage companies to respect consumer rights. If you'd like to go as far as writing RCA, that would be even better, since they would know why you're spending your money elsewhere.
Author: Ginger Cox
Released just three days ago by RCA, the new Foo Fighters CD contains DRM that supposedly prevents the CD from being loaded and ripped via iTunes. Customers are already complaining that their legally purchased music isn't worth the money they paid for it because they can only listen to it in CD players.
Many people would argue that there's no difference between this type of on-CD DRM and the DRM wrapped around files bought from download services. They both limit the devices the music can be played on as well as locking you in to a particular form of hardware. However, the defining difference is one of paradigm. By tying the customer's rights and access to a physical item, CDs and their accompanying DRM put a barrier between the customer and what s/he actually payed for: access to the data on the CD. We've discussed in previous posts the oddly blurred line that CDs walk between granting a license to listen to the music on the CD yet making no guarantee to continue that license once the physical copy is lost or destroyed. The DRM on downloaded music actually extends the user's license to make back-ups and access that music on more than just one technology, i.e. computers, mp3 players as well as CD players. Although I still consider it inadequate in terms of fair use, consumer rights, and proprietary interoperability, the DRM on downloaded files is preferable to one that steadfastly refuses to acknowledge the customer's desire to adapt the music to new technology.
MP3 players, while not yet adopted by the majority of music lovers, are quickly becoming the prevailing technology. However, the music middle men including the record companies and the RIAA don't make nearly as much money through selling songs through download services as much as they do for standard retail CDs. So to keep their profits up, buying a little digital rights management and slapping it on the CD is a good investment. It keeps customers tied to CD players where for every copy of a song there's a clunky piece of hardware and disc to keep up with.
One of the best reads on the subject of the RIAA's hatred of mp3's is an article by Orson Scott Card titled "MP3's are Not the Devil". He explains how the music business has reaped the windfall profits that came with new technology, until now. From the record to the eight track to the cassette tape and finally to the company disc, the record companies and their henchmen have made billions of dollars as you buy the same titles you already own in the new, higher quality technology.
All this ended with the mp3 player. Even though most downloaded songs aren't even in the form of mp3s anymore, the concept is still the same: individual files downloaded separately. Even though most music is still sold in the form of albums, more and more people are switching to portable music players. Customers are choosing to download only certain titles from an artist's work rather than whole albums. Perhaps they were burned by buying a $16 CD by an artist whose song they really liked and realized that the rest of the album was just similar-sounding fluff. With each customer who chooses to download from iTunes or even subscribe to monthly services like Napster, the record companies lose their ability to sell you a CD with only two songs you like for the price of fifteen.
Even though Apple was able to finally persuade the music companies to let their music be sold by download, they still don't like it. The new Foo Fighters CD is just one more example of how record companies are still trying to subvert the new technology. They don't realize that the paradigm of delivering media on an object is dying, albeit slowly, and that their stalling methods are just pushing people to download their music directly. The download companies at least acknowledge that the customers are going to want to listen to their music on portable devices as well as stand alone CD players and thus tailor their DRM to accommodate it.
According to a few comments I've read (I can't confirm this), the old trick of holding down the shift key to disable autorun could bypass the built-in digital rights management. But the best approach is choosing not to buy CD at all. Don't give them your money for an inferior product with limited use. Wait until the songs are available for download legally from an online vendor. Shop around and find one with the least restrictive DRM or without DRM altogether. It may not seem like it, but it's worth the short-term sacrifice to encourage companies to respect consumer rights. If you'd like to go as far as writing RCA, that would be even better, since they would know why you're spending your money elsewhere.
Author: Ginger Cox
Wednesday, February 16. 2005
Two Steps Back - Napster-To-Go's First Announced DRM Hole
Last week, we made a prediction that the Napster DRM would be broken and that it would soon reassume its position in the piracy world as the number one source of illegal music files. The first part of the prediction wasn't hard to make. All DRM schemes get hacked, broken, and rendered ineffectual until the next code release is updated which in turn is broken, too, continuing the cycle. Any person who has casually observed any given year of the last ten years of internet history would arrive at the same conclusion.
The second part our prediction was much bolder. It takes a serious feat of stupidity (or is it foresight? Keep reading...) to be the foremost source of illegal music files while spending over $30 million to hype your new legitimate music rental serives. The downloading environment has changed significantly since the first generation of Napster-ites. Most massive file sharing has been scared away by lawsuits and lured to legitimacy by iTunes Music Store. Napster-To-Go hasn't reached its previous nadir of free-music smorgasbord, yet, but with yesterday's news, we see it on the horizon.
Yesterday News.Com reported that an age-old technique can effectively render Napster-To-Go's music downloads DRM-free. Yeah, it involves a some time-consuming streaming and recording, but with the unlimited downloads that come with Napster's mere $15 monthly payment, the opportunity for filling up every household hard drive with decent quality copies is endless. And this technique isn't limited to the computer elite. Any monkey with a keyboard and internet access can do it. All you need is Winamp, for Alan-Turing's-sake!
The deciding difference between the distaster-in-progress of Napster-To-Go unlimited subscription scheme and other pay-per-song schemes is scale. People can easily get around the iTMS DRM scheme, but they commonly do so for interoperability with non-iPod players or small-time sharing with their immediate circle of friends (which is not unlike Fair-Use CD burning). Regardless, with iTMS most songs are still payed for legitimately.
However, Napster-To-Go's subscription model is based on the premise that all copies of the songs would be lost should the customers ever stop paying from month-to-month. With the addition of easily-executed DRM removal, Napster's tenuous protection of the artists' work dissolves rather quickly. Now one person can sign up for Napster-To-Go, spend a scant $15 and download thousands of songs only to set up a stream and record queue and convert those cheaply-rented disappearing songs to practically-free permanent ones.
But Napster doesn't seem worried at all. In fact, it's keeping a very cool air about the whole thing. It seems rather convenient that such a simple DRM trick could now make Napster-To-Go the most attractive source for practically-free music. It stands to make out well, attracting droves of music downloaders away from its pay-per-song competitors like iTMS, Microsoft, and Walmart. It was practically the only way it would be able to break into a market dominated by the iTunes Music Store.
And there's the rub. Napster wants to keep its system secure for people who want to pay for music. But for those who don't want to pay for their music, they'll leave their security hole right where it is and rake in the auto-renewing subscription fees. I'm not privy to the financial arrangement that Napster-To-Go has with Record Labels, but it can work out two ways: Napster starts to lose money at a drastic rate or they confirm that this security hole is the most lucrative DRM hole in history.
In the meantime, this security hole and Napster's non-chalance is sending the legitimate music download market back into the dark ages. Record Companies took forever to accept that downloading digital music could have a legitimate future. Now, all we have to look forward to is an ever tightening noose as DRM schemes get tighter and tighter while interoperability shrinks to the size of a pinprick.
And so it begins...
Author: Ginger Cox
The second part our prediction was much bolder. It takes a serious feat of stupidity (or is it foresight? Keep reading...) to be the foremost source of illegal music files while spending over $30 million to hype your new legitimate music rental serives. The downloading environment has changed significantly since the first generation of Napster-ites. Most massive file sharing has been scared away by lawsuits and lured to legitimacy by iTunes Music Store. Napster-To-Go hasn't reached its previous nadir of free-music smorgasbord, yet, but with yesterday's news, we see it on the horizon.
Yesterday News.Com reported that an age-old technique can effectively render Napster-To-Go's music downloads DRM-free. Yeah, it involves a some time-consuming streaming and recording, but with the unlimited downloads that come with Napster's mere $15 monthly payment, the opportunity for filling up every household hard drive with decent quality copies is endless. And this technique isn't limited to the computer elite. Any monkey with a keyboard and internet access can do it. All you need is Winamp, for Alan-Turing's-sake!
The deciding difference between the distaster-in-progress of Napster-To-Go unlimited subscription scheme and other pay-per-song schemes is scale. People can easily get around the iTMS DRM scheme, but they commonly do so for interoperability with non-iPod players or small-time sharing with their immediate circle of friends (which is not unlike Fair-Use CD burning). Regardless, with iTMS most songs are still payed for legitimately.
However, Napster-To-Go's subscription model is based on the premise that all copies of the songs would be lost should the customers ever stop paying from month-to-month. With the addition of easily-executed DRM removal, Napster's tenuous protection of the artists' work dissolves rather quickly. Now one person can sign up for Napster-To-Go, spend a scant $15 and download thousands of songs only to set up a stream and record queue and convert those cheaply-rented disappearing songs to practically-free permanent ones.
But Napster doesn't seem worried at all. In fact, it's keeping a very cool air about the whole thing. It seems rather convenient that such a simple DRM trick could now make Napster-To-Go the most attractive source for practically-free music. It stands to make out well, attracting droves of music downloaders away from its pay-per-song competitors like iTMS, Microsoft, and Walmart. It was practically the only way it would be able to break into a market dominated by the iTunes Music Store.
- From News.Com: "It's not a new thing," said Napster spokeswoman Dana Harris. "We do all we can to make our system as secure as possible for people who want to pay for music." Record label executives nevertheless said privately that they were worried at the attention the technique was getting.
And there's the rub. Napster wants to keep its system secure for people who want to pay for music. But for those who don't want to pay for their music, they'll leave their security hole right where it is and rake in the auto-renewing subscription fees. I'm not privy to the financial arrangement that Napster-To-Go has with Record Labels, but it can work out two ways: Napster starts to lose money at a drastic rate or they confirm that this security hole is the most lucrative DRM hole in history.
In the meantime, this security hole and Napster's non-chalance is sending the legitimate music download market back into the dark ages. Record Companies took forever to accept that downloading digital music could have a legitimate future. Now, all we have to look forward to is an ever tightening noose as DRM schemes get tighter and tighter while interoperability shrinks to the size of a pinprick.
And so it begins...
Author: Ginger Cox
Friday, January 28. 2005
Contributory Infringement
I am no lawyer but it seems to me that a particular bit of legalese called "contributory infringement" is horribly defined and is the cause of much heartache in the world of data sharing. I choose to use the term data sharing (DS) as opposed to peer-to-peer (P2P) because it includes much more than illegal music sharing.
So what does contributory infringement mean? It refers to the action of one person either allowing or causing another person to infringe the rights of a third person. As an example, imagine that I wrote a book and then published this book. A teacher buys my book and makes forty copies of it using a Xerox copy machine. By doing so, the teacher has infringed upon my rights by basically stealing my intellectual property. The pertinent question though is how far does this guilt extend? This teacher would never have been able to copy my book if Xerox had not created its copy machine. So, did Xerox contribute to the infringement on my rights?
Most people would answer no to this question claiming that Xerox is not responsible for what people do with a tool. In fact, the courts have also answered no to this question in several cases. Possibly the most famous case was Sony Corporation v Universal City Studios which is now known as the Betamax case. The Court held that companies that make and sell video recording devices (VHS and Beta) could not be sued by the owners of motion pictures if an ordinary user used one of these devices to record copyrighted material. The Court’s reasoning is that this equipment had extensive non-infringing uses and thus the responsibility was on the user of the equipment and not on the seller of the equipment.
It has been suggested that there are two other reasons that the Court decided against Universal City Studios and "contributory infringement". One reason is that the Court wanted to limit the size of the “net of liability”. As you can imagine, the question of contributory infringement becomes more and more complicated as the “net of liability” is spread wider. As an example, imagine if the Court had found in favor of the movie studios. Now, who can be sued?
The Court in cases like this often becomes “floodgate” protection for the industry. The thinking is that if we have to stop this onslaught of lawsuits before it begins.
A second and less accepted reason is that the Court realized that there was a potentially huge market for the movie makers and nudged them in the direction of embracing the new technology. I do not subscribe to this theory and I hope that the Court doesn't often choose this sort of tactic for deciding cases.
So now let us apply this same analysis to the Grokster case that is heading to the Court. Does Grokster contribute to the infringement of rights of content holders? Will the court find against Grokster? To answer these questions, look at the reasons the Court might find for Grokster and see if any of them hold up. The possible reasons are extensive non-infringing use, floodgate protection, and potential financial windfall.
Potential Financial Windfall
I am starting with this one because I think it is the easiest to answer. It may be very short sighted of me but I fail to see any way in which copyright holders stand to profit by P2P file sharing. There is a comment box below and I am willing to listen to anyone that can show me a business model where this makes sense.
Non-Infringing Uses
Are there extensive non-infringing uses for this technology? I have a hard time answering this question with a yes. I can see a way in which small publishing companies could distribute samples to millions of people for little or no cost, give away a little for free and hope to sell the rest. I can also see how I as an individual would want to share some of my own work to other people. However, there are other options for this that do not require decentralized servers with random master node generation. It is certainly easier for the target customer of such merchandise to get it straight from a website than to try and find it on a P2P network.
The one use of a DS network that stands to be lost is “fair-use” copying and sharing. If I let my friend use my CD then that should be considered fair use. If my friend lives 3000 miles away from me then I should be able to share my MP3 album with him. However, in a standard P2P network there is no way for me to ensure that the person retrieving my album is my friend.
I do not see how extensive non-infringing uses can be successfully argued in this case.
Floodgate Protection
For me, this is the most intriguing and potentially successful argument in favor of Grokster. If Grokster and other such applications/companies are found to be liable for the content that travels across the network then how many other types of applications and other types of companies could potentially be sued?
The first types of software that come to mind are disc burning applications. These applications allow any user to make as many copies of a copyrighted work as the user would like to make. These applications include iTunes, WinAmp, Windows Media Player, Nero, and numerous others. Then maybe the liability extends to the operating system that does not prevent such P2P applications from running. Then the hardware vendors that sell the recording devices and any other part of a modern computer. There are also the network providers that allow access to broadband and unlimited downloads.
From this point of view it looks as though floodgate protection might be useful in the Grokster defense. However, if you look at any of the afore mentioned companies and applications then you realize that all of them but Grokster are covered by the non-infringing uses argument.
Conclusion
In the end I do not see any way in which the Court can find in favor of Grokster. The technology seems to have been built from the ground up to do nothing but to make money for Grokster by allowing people to steal from copyright holders. This is truly sad for me to admit but I want to see the Court shut down Grokster. Why is it sad? Because I firmly believe that it is the individual that is responsible for his/her own actions. If I were to put my music collection on a P2P network I should be the one responsible for it. I also think that the courts believe this too but will still force Grokster to shut down. In this case the Court is faced with a sort of reverse floodgate responsibility. If Grokster wins then the media companies have no choice than to sue every user of the P2P network. The shear number of cases that will flood the court systems will be overwhelming.
Author: Jimmy Palmer
So what does contributory infringement mean? It refers to the action of one person either allowing or causing another person to infringe the rights of a third person. As an example, imagine that I wrote a book and then published this book. A teacher buys my book and makes forty copies of it using a Xerox copy machine. By doing so, the teacher has infringed upon my rights by basically stealing my intellectual property. The pertinent question though is how far does this guilt extend? This teacher would never have been able to copy my book if Xerox had not created its copy machine. So, did Xerox contribute to the infringement on my rights?
Most people would answer no to this question claiming that Xerox is not responsible for what people do with a tool. In fact, the courts have also answered no to this question in several cases. Possibly the most famous case was Sony Corporation v Universal City Studios which is now known as the Betamax case. The Court held that companies that make and sell video recording devices (VHS and Beta) could not be sued by the owners of motion pictures if an ordinary user used one of these devices to record copyrighted material. The Court’s reasoning is that this equipment had extensive non-infringing uses and thus the responsibility was on the user of the equipment and not on the seller of the equipment.
It has been suggested that there are two other reasons that the Court decided against Universal City Studios and "contributory infringement". One reason is that the Court wanted to limit the size of the “net of liability”. As you can imagine, the question of contributory infringement becomes more and more complicated as the “net of liability” is spread wider. As an example, imagine if the Court had found in favor of the movie studios. Now, who can be sued?
- The retailer that sold the device?
- The retailer that sold the blank media?
- The manufacturer of the blank media?
- The manufacturer of the actual recording head inside the device?
The Court in cases like this often becomes “floodgate” protection for the industry. The thinking is that if we have to stop this onslaught of lawsuits before it begins.
A second and less accepted reason is that the Court realized that there was a potentially huge market for the movie makers and nudged them in the direction of embracing the new technology. I do not subscribe to this theory and I hope that the Court doesn't often choose this sort of tactic for deciding cases.
So now let us apply this same analysis to the Grokster case that is heading to the Court. Does Grokster contribute to the infringement of rights of content holders? Will the court find against Grokster? To answer these questions, look at the reasons the Court might find for Grokster and see if any of them hold up. The possible reasons are extensive non-infringing use, floodgate protection, and potential financial windfall.
Potential Financial Windfall
I am starting with this one because I think it is the easiest to answer. It may be very short sighted of me but I fail to see any way in which copyright holders stand to profit by P2P file sharing. There is a comment box below and I am willing to listen to anyone that can show me a business model where this makes sense.
Non-Infringing Uses
Are there extensive non-infringing uses for this technology? I have a hard time answering this question with a yes. I can see a way in which small publishing companies could distribute samples to millions of people for little or no cost, give away a little for free and hope to sell the rest. I can also see how I as an individual would want to share some of my own work to other people. However, there are other options for this that do not require decentralized servers with random master node generation. It is certainly easier for the target customer of such merchandise to get it straight from a website than to try and find it on a P2P network.
The one use of a DS network that stands to be lost is “fair-use” copying and sharing. If I let my friend use my CD then that should be considered fair use. If my friend lives 3000 miles away from me then I should be able to share my MP3 album with him. However, in a standard P2P network there is no way for me to ensure that the person retrieving my album is my friend.
I do not see how extensive non-infringing uses can be successfully argued in this case.
Floodgate Protection
For me, this is the most intriguing and potentially successful argument in favor of Grokster. If Grokster and other such applications/companies are found to be liable for the content that travels across the network then how many other types of applications and other types of companies could potentially be sued?
The first types of software that come to mind are disc burning applications. These applications allow any user to make as many copies of a copyrighted work as the user would like to make. These applications include iTunes, WinAmp, Windows Media Player, Nero, and numerous others. Then maybe the liability extends to the operating system that does not prevent such P2P applications from running. Then the hardware vendors that sell the recording devices and any other part of a modern computer. There are also the network providers that allow access to broadband and unlimited downloads.
From this point of view it looks as though floodgate protection might be useful in the Grokster defense. However, if you look at any of the afore mentioned companies and applications then you realize that all of them but Grokster are covered by the non-infringing uses argument.
Conclusion
In the end I do not see any way in which the Court can find in favor of Grokster. The technology seems to have been built from the ground up to do nothing but to make money for Grokster by allowing people to steal from copyright holders. This is truly sad for me to admit but I want to see the Court shut down Grokster. Why is it sad? Because I firmly believe that it is the individual that is responsible for his/her own actions. If I were to put my music collection on a P2P network I should be the one responsible for it. I also think that the courts believe this too but will still force Grokster to shut down. In this case the Court is faced with a sort of reverse floodgate responsibility. If Grokster wins then the media companies have no choice than to sue every user of the P2P network. The shear number of cases that will flood the court systems will be overwhelming.
Author: Jimmy Palmer
